package com.boxuegu.websecurity.bbs.filter;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Locale;

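/**
 * @program: cyberDefense
 * @description: XSS filter — wraps every non-static request in
 *               {@link XssHttpServletRequestWrapper} so that code further
 *               down the chain reads the wrapper's sanitized view of the request
 * @author: fengjd
 * @create: 2022-07-27 13:46
 **/

@WebFilter(filterName = "XSSFilter", urlPatterns = "/*")
public class XSSFilter implements Filter {

    /**
     * File-name suffixes treated as static resources. A request whose servlet
     * path ends with one of these (case-insensitively) bypasses the wrapper;
     * every other request is wrapped.
     */
    private static final String[] EXCLUSION_SUFFIXES =
            {".js", ".gif", ".jpg", ".png", ".css", ".ico"};

    /**
     * Lets static-resource requests through untouched and wraps all other
     * requests in {@link XssHttpServletRequestWrapper} before continuing the chain.
     *
     * @param servletRequest  incoming request
     * @param servletResponse outgoing response
     * @param filterChain     remainder of the filter chain
     * @throws IOException      propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        // Only HTTP requests have a servlet path to inspect; anything else is
        // passed through unchanged rather than failing on the cast.
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest req = (HttpServletRequest) servletRequest;

        // Static resources pass through. The return matters: without it the
        // chain is invoked a second time below for the same request (the
        // original loop fell through to the wrapped call after matching).
        if (isStaticResource(req.getServletPath())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        filterChain.doFilter(new XssHttpServletRequestWrapper(req), servletResponse);
    }

    /**
     * Returns whether {@code path} names a static resource, i.e. ends with one
     * of {@link #EXCLUSION_SUFFIXES}.
     *
     * Matching on the suffix rather than with {@code String.contains} keeps a
     * dynamic endpoint whose path merely contains ".js", ".png" etc. somewhere
     * in the middle (a directory name, for instance) inside the filter.
     *
     * @param path servlet path of the request; {@code null} is treated as dynamic
     */
    private static boolean isStaticResource(String path) {
        if (path == null) {
            return false;
        }
        String lowered = path.toLowerCase(Locale.ROOT);
        for (String suffix : EXCLUSION_SUFFIXES) {
            if (lowered.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }
}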
